Group Support Planning

I’ve been doing some thinking on how to best implement group support into the plugin. This would probably be a multi phase approach, to hopefully fulfill all requests.

NOTE: This is currently a work in progress and there is no estimate on when it will be complete

Per Blog Settings

LDAP Group mapping on a per blog, per role basis. This would all for any given blog to map each individual role to a separate LDAP group. The goal would be for these groups to automatically check for new users on logon and update accordingly. The biggest concern here is figuring out a way for the automatic updating to happen without having a huge impact on performance.

Sitewide Settings

Group based control of the following:

Who can login to the blog (standard user)

Who can login to the blog with automatic blog creation

Who can’t login – deny list

Are there any other thoughts on other possible setups or anything else that others would like added? If so – please leave a comment with your thoughts!

I don’t know much about LDAP Groups but what I think might be really useful for us is to be able to automatically add new users to certain blogs (and maybe even BuddyPress groups) depending on their LDAP Group.

I understand the “Automatic Updating” as a kind of synchronisation feature (is that what you mean?); it would be really cool if WordPress could automatically synchronise itself with the LDAP user groups (and automatically add new users to groups and also remove old users).

Technically the WordPress Cron might be a good place to put the automatic synchronisation bit (see function wp_schedule_event()), and of course the state for a user would also have to be “checked” whenever a user logs in. WP_Cron is build so it does not affect frontend performance directly (as long as the server can cope) and is e.g. used for the twice-daily update checks at the moment.

One reason to hook roles to LDAP attributes is that one might want to be able to control access based on something like a department name. In our LDAP directory things like departments and user types (i.e. faculty/staff/student) are stored as attributes, not groups.